isomerpages · harishv7 · Dec 21, 2023 · Dec 18, 2023 · Dec 19, 2023 · Dec 19, 2023
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,11 @@
+**/*.pem
+**/.aws
+**/.ssh
+**/.ebextensions
+**/.elasticbeanstalk
+**/node_modules
+**/public/lib
+.eslintrc.json
+.prettierrc.json
+**/docs
+**/.platform
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -86,9 +86,8 @@ jobs:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
       - run: npm ci
-      - run: npm run dev:services
+      - run: npm run test:docker
       - run: . .env.test && npx jest --runInBand
-      - run: docker compose down
 
   gatekeep:
     name: Determine if Build & Deploy is needed

diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ build/
 .step-functions-local/
 .serverless/
 .cache_ggshield
+.ssh/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,8 +4,24 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+#### [v0.60.0](https://github.com/isomerpages/isomercms-backend/compare/v0.59.0...v0.60.0)
+
+- fix: add conditional sha calc [`#1072`](https://github.com/isomerpages/isomercms-backend/pull/1072)
+- feat(dockerfile): migrate fetching keys to script too [`#1070`](https://github.com/isomerpages/isomercms-backend/pull/1070)
+- ref(ts migration): replaced all instances of any with explicit types in repoService.ts [`#1066`](https://github.com/isomerpages/isomercms-backend/pull/1066)
+- fix(ci): update commands [`#1069`](https://github.com/isomerpages/isomercms-backend/pull/1069)
+- feat(docker): setup github stuff to be parity with efs [`#1067`](https://github.com/isomerpages/isomercms-backend/pull/1067)
+- IS-835 Removed all instances of any from GitHubService.ts [`#1063`](https://github.com/isomerpages/isomercms-backend/pull/1063)
+- feat(docker): shift app to docker [`#1059`](https://github.com/isomerpages/isomercms-backend/pull/1059)
+- release/0.59.0 [`#1061`](https://github.com/isomerpages/isomercms-backend/pull/1061)
+- fix(ci): update jest command [`cefefc1`](https://github.com/isomerpages/isomercms-backend/commit/cefefc1ccdfef2dca74bf3c85a901880ca13b096)
+- fix(ci-9): update to use [`3da4d1c`](https://github.com/isomerpages/isomercms-backend/commit/3da4d1c46a160104848fc0cd1b06a5ade0931f4e)
+- fix(ci): update command [`f36c524`](https://github.com/isomerpages/isomercms-backend/commit/f36c524ff51831616a4112325f4e7bd3252f648b)
+
 #### [v0.59.0](https://github.com/isomerpages/isomercms-backend/compare/v0.58.0...v0.59.0)
 
+> 18 December 2023
+
 - fix(media): filter first before getting git blob hash [`#1060`](https://github.com/isomerpages/isomercms-backend/pull/1060)
 - ref(media): upgrade media router to typescript [`#1058`](https://github.com/isomerpages/isomercms-backend/pull/1058)
 - 0.58.0 [`#1056`](https://github.com/isomerpages/isomercms-backend/pull/1056)

diff --git a/Dockerfile.develop b/Dockerfile.develop
@@ -0,0 +1,25 @@
+FROM node:18-alpine AS base
+WORKDIR /opt/isomercms-backend
+COPY . .
+
+RUN apk update && \ 
+  apk add --no-cache bash && \
+  apk add git && \
+  apk add openssh-client
+
+RUN mkdir /root/.ssh
+RUN cat <<EOF >/root/.ssh/config 
+Host github.com
+  IdentityFile /root/.ssh/github
+  User git
+EOF
+
+RUN chmod +x ./scripts/04_add_github_to_known_hosts.sh
+RUN sh ./scripts/04_add_github_to_known_hosts.sh
+
+RUN npm ci 
+# NOTE: Removing the cache here to keep the image small
+RUN rm -rf /var/cache/apk/*
+
+EXPOSE "8081"
+CMD ["bash", "-c", "chmod +x ./scripts/02_fetch_ssh_keys.sh && bash ./scripts/02_fetch_ssh_keys.sh & npm run dev:server"] 
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -0,0 +1,31 @@
+version: "3"
+services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile.develop
+    ports:
+      - "8081:8081"
+    depends_on:
+      - postgres
+    env_file:
+      - .env
+    volumes:
+      - ./:/opt/isomercms-backend
+      - /opt/isomercms-backend/node_modules
+      - ${EFS_VOL_PATH}:${EFS_VOL_PATH}
+      - "~/.gitconfig:/etc/gitconfig"
+
+  postgres:
+    image: "postgres:13-alpine"
+    environment:
+      POSTGRES_USER: isomer
+      POSTGRES_PASSWORD: password
+      POSTGRES_DB: isomercms_dev
+    ports:
+      - "5432:5432"
+    volumes:
+      - isomercms_data:/var/lib/postgresql/data
+
+volumes:
+  isomercms_data:
diff --git a/docker-compose.yml → docker-compose.test.yml b/docker-compose.yml → docker-compose.test.yml
@@ -1,16 +1,5 @@
 version: "3"
 services:
-  postgres:
-    image: "postgres:13-alpine"
-    environment:
-      POSTGRES_USER: isomer
-      POSTGRES_PASSWORD: password
-      POSTGRES_DB: isomercms_dev
-    ports:
-      - "15432:5432"
-    volumes:
-      - isomercms_data:/var/lib/postgresql/data
-
   postgres_test:
     image: "postgres:13-alpine"
     environment:
@@ -20,6 +9,5 @@ services:
     ports:
       # use a different port to avoid blocking dev environment when running tests
       - "54321:5432"
-
 volumes:
   isomercms_data:
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,13 +1,13 @@
 {
   "name": "isomercms",
-  "version": "0.59.0",
+  "version": "0.60.0",
   "private": true,
   "scripts": {
     "build": "tsc -p tsconfig.build.json",
     "start": "node --unhandled-rejections=warn -r ts-node/register/transpile-only -r tsconfig-paths/register -r dotenv/config build/server.js dotenv_config_path=/efs/isomer/.isomer.env",
-    "dev:services": "docker compose up -d",
     "dev:server": "source .env && ts-node-dev --unhandled-rejections=warn --respawn src/server.js",
-    "dev": "npm run dev:services && npm run dev:server",
+    "dev": "docker compose -f docker-compose.dev.yml up",
+    "test:docker": "docker run -d -p 54321:5432 --name postgres -e POSTGRES_USER=isomer -e POSTGRES_PASSWORD=password -e POSTGRES_DB=isomercms_test postgres:latest",
     "test": "source .env.test && jest --runInBand",
     "release": "npm version $npm_config_isomer_update && git push --tags",
     "lint": "npx eslint .",

diff --git a/scripts/02_fetch_ssh_keys.sh b/scripts/02_fetch_ssh_keys.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+ENV_TYPE="DEV"
+
+SSH_PUBLIC_KEY_PARAM_NAME="${ENV_TYPE}_SSH_PUBLIC_KEY"
+SSH_PRIVATE_KEY_PARAM_NAME="${ENV_TYPE}_SSH_PRIVATE_KEY"
+
+# create .ssh folder if it does not exist
+mkdir -p /root/.ssh
+
+SSH_PUBLIC_KEY_VALUE="${!SSH_PUBLIC_KEY_PARAM_NAME}"
+SSH_PRIVATE_KEY_VALUE="${!SSH_PRIVATE_KEY_PARAM_NAME}"
+
+echo "Fetching keys"
+echo $SSH_PUBLIC_KEY_VALUE >/root/.ssh/github.pub || {
+    echo "Failed to fetch SSH public key"
+    exit 1
+}
+echo $SSH_PRIVATE_KEY_VALUE >/root/.ssh/github || {
+    echo "Failed to fetch SSH private key"
+    exit 1
+}
+
+# Set the permissions for the keys
+echo "Setting permissions"
+chmod 600 /root/.ssh/github.pub
+chmod 600 /root/.ssh/github
+
+echo "Fetching keys complete"
diff --git a/scripts/04_add_github_to_known_hosts.sh b/scripts/04_add_github_to_known_hosts.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Get the server's public key
+ssh-keyscan -t rsa github.com >github_rsa.pub
+
+# Generate the key's fingerprint
+SERVER_FINGERPRINT=$(ssh-keygen -lf github_rsa.pub | awk '{print $2}')
+echo "SERVER_FINGERPRINT: $SERVER_FINGERPRINT" >/tmp/setup-github-known-hosts.txt
+
+# The official GitHub RSA fingerprint
+# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
+OFFICIAL_FINGERPRINT="SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"
+
+# Check if the server's fingerprint matches the official fingerprint
+# Note: This check is important to prevent any MITM attacks
+if [ "$SERVER_FINGERPRINT" = "$OFFICIAL_FINGERPRINT" ]; then
+    # If the fingerprints match, add the public key to the known_hosts file
+    cat github_rsa.pub >/root/.ssh/known_hosts
+    echo "GitHub's public key added to known_hosts." >>/tmp/setup-github-known-hosts.txt
+else
+    # If the fingerprints don't match, output a warning and exit with an error
+    echo "WARNING: The server's SSH key fingerprint doesn't match the official GitHub fingerprint." >>/tmp/setup-github-known-hosts.txt
+    rm github_rsa.pub
+    exit 1
+fi
+
+# Remove the temporary public key file
+rm github_rsa.pub
diff --git a/src/routes/v2/authenticatedSites/media.ts b/src/routes/v2/authenticatedSites/media.ts
@@ -108,22 +108,20 @@ export class MediaRouter {
     { directoryName: string },
     { directories: MediaDirOutput[] },
     never,
-    { page: number },
+    never,
     { userWithSiteSessionData: UserWithSiteSessionData }
   > = async (req, res) => {
     const { userWithSiteSessionData } = res.locals
-
     const { directoryName } = req.params
-    const { page } = req.query
 
     const {
       directories,
     } = await this.mediaDirectoryService.listMediaDirectoryContent(
       userWithSiteSessionData,
       {
         directoryName,
-        page,
-        limit: 0,
+        page: 0,
+        limit: 1,
         search: "",
       }
     )

diff --git a/src/services/db/GitFileSystemService.ts b/src/services/db/GitFileSystemService.ts
@@ -912,7 +912,8 @@ export default class GitFileSystemService {
   listDirectoryContents(
     repoName: string,
     directoryPath: string,
-    branchName: string
+    branchName: string,
+    includeSha = true
   ): ResultAsync<GitDirectoryItem[], GitFileSystemError | NotFoundError> {
     const efsVolPath = this.getEfsVolPathFromBranch(branchName)
     const isStaging = this.isStagingFromBranchName(branchName)
@@ -955,6 +956,29 @@ export default class GitFileSystemService {
           const path = directoryPath === "" ? name : `${directoryPath}/${name}`
           const type = isDirectory ? "dir" : "file"
 
+          if (includeSha) {
+            return this.getGitBlobHash(repoName, path, isStaging)
+              .orElse(() => okAsync(""))
+              .andThen((sha) =>
+                ResultAsync.combine([
+                  okAsync(sha),
+                  this.getFilePathStats(repoName, path, isStaging),
+                ])
+              )
+              .andThen((shaAndStats) => {
+                const [sha, stats] = shaAndStats
+                const result: GitDirectoryItem = {
+                  name,
+                  type,
+                  sha,
+                  path,
+                  size: type === "dir" ? 0 : stats.size,
+                  addedTime: stats.ctimeMs,
+                }
+
+                return okAsync(result)
+              })
+          }
           return this.getFilePathStats(repoName, path, isStaging).andThen(
             (stats) => {
               const result: GitDirectoryItem = {
@@ -964,7 +988,6 @@ export default class GitFileSystemService {
                 size: type === "dir" ? 0 : stats.size,
                 addedTime: stats.ctimeMs,
               }
-
               return okAsync(result)
             }
           )
@@ -984,7 +1007,12 @@ export default class GitFileSystemService {
   ): ResultAsync<DirectoryContents, GitFileSystemError | NotFoundError> {
     const isStaging = this.isStagingFromBranchName(branchName)
 
-    return this.listDirectoryContents(repoName, directoryPath, branchName)
+    return this.listDirectoryContents(
+      repoName,
+      directoryPath,
+      branchName,
+      false
+    )
       .andThen((directoryContents) =>
         okAsync(
           getPaginatedDirectoryContents(directoryContents, page, limit, search)